I already blocked the account and sent to Cyrus a signed message, I hope it will be resolved soon.

The account should be locked now and I hope the hacker will do no harm, I opened this thread mainly to try to understand how I was hacked. Also, I am pretty sure I posted 2 addresses in the stake thread, but I am not able to find them. Any google master that can help me?

I noticed that cyrus account posted the last time 1 month ago, he seems to go online daily and to be online now, but looking at his post history makes me think he is not very active in this period.

I don't want to bother abusing PMs, so I will bump this thread daily hoping that it will help to get noticed by some admin.

Besides that, any idea about how I was hacked?

The day before the hack I noticed I logged out and so logged in using Google automatic compile. My password is unique for this site, it was 2 words and 3 numbers, 15+ characters long. No virus or keylogger installed as far as I know, and I was hacked only on bitcointalk.

When did you last change your password here? If you didn't chnage it after the forum hack on May 22 2015 then it was likely cracked. Did you download any alt coin wallets or accidentally log into any phishing sites?

When did you last change your password here? If you didn't chnage it after the forum hack on May 22 2015 then it was likely cracked. Did you download any alt coin wallets or accidentally log into any phishing sites?

I changed my password adding "123" at the end. I know, shame on me, but they were salted and all....

Usually I use only my android phone to login, but as I said it was necessary to re-log the day before the hack

...Also, It could be I logged in using my Windows laptop. That seems unable to update to the last version of Windows, I stopped updates from services.msc because it was looping downloading and installing "the last version of windows".

I use this pc only to mine deeponions so I didn't bother so much, an avira scan find no viruses and I still have my considerable amount of onions (but I never uncrypted my wallet since days).

Deleting this pc would be really painful to me, but I'm seriously considering to do it before digiting the wallet password again.

After double-checking all i was albe to, i unlocked the wallet and made a tx.

All went smooth, thanks god

So...seems like they hacked me....maybe I remember wrong and I didn't change the password after the 2015 hack, can someone check this for me?

Regarding account recovery, two weeks are pretty a long time to wait to send a pm to theymos, but I think that spam won't help me, and I already sent 3 message to Cyrus due to wrong format too... what else I can do, besides waiting 2 weeks and upping this thread?

I am pretty sure I did not login to any phishing site, and I use goggle chrome autocompile for passwords.

you mean Google Autofill/Autocomplete password?did you re-log intentionally (open login page from bookmark) or were you re-directed to login page?if the latter happened, you could be logging into a phishing site happened to me a few weeks ago but luckily I noticed the wrong url, so I just closed the page and reopened the forum from my bookmark can you remember the time you logging in and check your browser history to make sure you were on the real login page at that time just in case there is a way to trick autocomplete to work with fake login page

I am pretty sure I did not login to any phishing site, and I use goggle chrome autocompile for passwords.

you mean Google Autofill/Autocomplete password?did you re-log intentionally (open login page from bookmark) or were you re-directed to login page?if the latter happened, you could be logging into a phishing site happened to me a few weeks ago but luckily I noticed the wrong url, so I just closed the page and reopened the forum from my bookmark can you remember the time you logging in and check your browser history to make sure you were on the real login page at that time just in case there is a way to trick autocomplete to work with fake login page

Think You for the hint, i reviewed my chronology but I can't find anything suspicious... also, Google autofill shouldn't work on a phishing site....or not? I think I login from the login button...because it seemed like I was logged out. I think I was not redirected, but I am not 100% sure

Think You for the hint, i reviewed my chronology but I can't find anything suspicious... also, Google autofill shouldn't work on a phishing site....or not? I think I login from the login button...because it seemed like I was logged out. I think I was not redirected, but I am not 100% sure

If it autofills your password and username then yes. It's just like you typing it in. The way phishing sites work is that they make their site look identical to their target site and only have a different url and database. When you log in they'll see what you've tried to log in with, and will then try and use it on the actual site. I didn't even know autofill was a thing on modern browsers, but I would recommend taking that off right away.

Think You for the hint, i reviewed my chronology but I can't find anything suspicious... also, Google autofill shouldn't work on a phishing site....or not? I think I login from the login button...because it seemed like I was logged out. I think I was not redirected, but I am not 100% sure

If it autofills your password and username then yes. It's just like you typing it in. The way phishing sites work is that they make their site look identical to their target site and only have a different url and database. When you log in they'll see what you've tried to log in with, and will then try and use it on the actual site. I didn't even know autofill was a thing on modern browsers, but I would recommend taking that off right away.

When I went to a known site and I saved the password, both username and password would be autocopiled and in yellow background. I think this function will only work for known urls, I am pretty sure I used it, and I can't find any phishing link in my chronology (but searching is difficult because of mobile, I could have missed it).

Still, I'm wondering if I changed the password after the 2015 hack. I think I did so but I'm not 100% sure...

Think You for the hint, i reviewed my chronology but I can't find anything suspicious... also, Google autofill shouldn't work on a phishing site....or not? I think I login from the login button...because it seemed like I was logged out. I think I was not redirected, but I am not 100% sure

If it autofills your password and username then yes. It's just like you typing it in. The way phishing sites work is that they make their site look identical to their target site and only have a different url and database. When you log in they'll see what you've tried to log in with, and will then try and use it on the actual site. I didn't even know autofill was a thing on modern browsers, but I would recommend taking that off right away.

I always thought that autofills key the passwords to hostname or domain name contained in the canonical URL. They are not tricked by phishing sites where the domain name is mistyped or simply looks the same visually to the real site.